Web share target API phishing PoC

root authored on 26 May 2022
Examples initial commit 1 year ago
README.md initial commit 1 year ago
bank-192.png initial commit 1 year ago
bank-512.png initial commit 1 year ago
index.php initial commit 1 year ago
manifest.json initial commit 1 year ago
script.js initial commit 1 year ago
service-worker.js initial commit 1 year ago
style.css initial commit 1 year ago
README.md

WebSharePhishing

Web share target API phishing PoC - The included PoC when put on a webserver and visited by a browser that allows (tested on android and chrome on win 10) it to be installed will create an application icon that will load the website URL as an application (with the URL bar hidden).

This makes for a very effective phishing application when paired with a legitimate looking icon and landing page.

The following two pictures demonstrate the install process, in android the bottom bar asking to install automatically appears and on windows you have to click the "install" button which becomes available when the browser/OS allows it:

desktop installation android installation

Once you have installed the icon will look:

desktop installed android home screen android app drawer

Finally once the application is launched this is how it looks:

running on android running on desktop